Lucene search
K

CVE-2020-12101

🗓️ 30 Apr 2020 13:40:34Reported by mitreType 
cve
 cve
🔗 web.nvd.nist.gov👁 71 Views🌐 WEB

The address-management feature in xt:Commerce 5.1 to 6.2.2 allows remote authenticated users to zero out other user's stored addresses

Related
Detection
Refs
Paths
ReporterTitlePublishedViews
Family
0day.today
xt:Commerce 5.4.1 / 6.2.1 / 6.2.2 Improper Access Control Vulnerability
6 May 202000:00
zdt
Cvelist
CVE-2020-12101
30 Apr 202013:40
cvelist
NVD
CVE-2020-12101
30 Apr 202014:15
nvd
OSV
CVE-2020-12101
30 Apr 202014:15
osv
Packet Storm
xt:Commerce 5.4.1 / 6.2.1 / 6.2.2 Improper Access Control
1 May 202000:00
packetstorm
Prion
Information disclosure
30 Apr 202014:15
prion
Positive Technologies
PT-2020-13033 · Xt · Xt:Commerce
30 Apr 202000:00
ptsecurity
NVD
Node
xt-commercext-commerceRange5.1.06.2.2
ParameterPositionPathDescriptionCWE
address_book_idrequest bodyde/customerPOC endpoint for editing address uses address_book_id in POST to modify another user's address, enabling unauthorized nulling of address fields.CWE-276
old_address_classrequest bodyde/customerPOC endpoint for editing address uses address_book_id in POST to modify another user's address, enabling unauthorized nulling of address fields.CWE-276
address_classrequest bodyde/customerPOC endpoint for editing address uses address_book_id in POST to modify another user's address, enabling unauthorized nulling of address fields.CWE-276
customers_companyrequest bodyde/customerPOC endpoint for editing address uses address_book_id in POST to modify another user's address, enabling unauthorized nulling of address fields.CWE-276
customers_genderrequest bodyde/customerPOC endpoint for editing address uses address_book_id in POST to modify another user's address, enabling unauthorized nulling of address fields.CWE-276
customers_firstnamerequest bodyde/customerPOC endpoint for editing address uses address_book_id in POST to modify another user's address, enabling unauthorized nulling of address fields.CWE-276
customers_lastnamerequest bodyde/customerPOC endpoint for editing address uses address_book_id in POST to modify another user's address, enabling unauthorized nulling of address fields.CWE-276
customers_street_addressrequest bodyde/customerPOC endpoint for editing address uses address_book_id in POST to modify another user's address, enabling unauthorized nulling of address fields.CWE-276
customers_postcoderequest bodyde/customerPOC endpoint for editing address uses address_book_id in POST to modify another user's address, enabling unauthorized nulling of address fields.CWE-276
customers_cityrequest bodyde/customerPOC endpoint for editing address uses address_book_id in POST to modify another user's address, enabling unauthorized nulling of address fields.CWE-276
Rows per page

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

17 Jun 2026 02:51Current
4.4Medium risk
Vulners AI Score4.4
CVSS 24
CVSS 3.14.3
EPSS0.01986
71